| Name | Weakening of Cellular Encryption |
| Likelihood of attack | Typical severity |
| Medium | High |
| Summary | An attacker, with control of a Cellular Rogue Base Station or through cooperation with a Malicious Mobile Network Operator, can force the mobile device (e.g., the retransmission device) to use no encryption (A5/0 mode) or to use easily breakable encryption (A5/1 or A5/2 mode). |
| Prerequisites | Cellular devices that allow negotiating security modes to facilitate backwards compatibility and roaming on legacy networks. |
| Solutions | Use hardened baseband firmware on the retransmission device to detect and prevent the use of weak cellular encryption. Monitor the cellular RF interface to detect the use of weaker-than-expected cellular encryption. |
| Related Weaknesses |
| CWE ID | Description |
| CWE-757 | Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') |
| Related CAPECs |
| CAPEC ID | Description |
| CAPEC-620 | An attacker forces the encryption level to be lowered, thus enabling a successful attack against the encrypted data. |
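The monitoring control under Solutions can be sketched as follows. This is an added example, not part of the original entry: it classifies the cipher chosen in GSM RR Ciphering Mode Command messages (octet layout per 3GPP TS 44.018) and flags the modes the summary names. It assumes a monitoring receiver already delivers decoded layer-3 messages as bytes; the function names, the `minimum_ok` policy set and the sample frames are constructed for illustration.

```python
# Added example: flag weak cipher selection in GSM RR Ciphering Mode Command
# messages. Input is assumed to be decoded layer-3 messages (bytes).
RR_PD = 0x06                   # protocol discriminator: radio resource management
CIPHERING_MODE_COMMAND = 0x35  # RR message type

# Modes the entry's summary calls absent or easily breakable.
WEAK = {"A5/0", "A5/1", "A5/2"}


def cipher_from_l3(msg: bytes):
    """Return 'A5/n' for a Ciphering Mode Command, None for anything else."""
    if len(msg) < 3 or (msg[0] & 0x0F) != RR_PD or msg[1] != CIPHERING_MODE_COMMAND:
        return None
    setting = msg[2] & 0x0F        # low half-octet: Cipher Mode Setting IE
    if not setting & 0x01:         # SC bit clear: network requests no ciphering
        return "A5/0"
    algo = (setting >> 1) & 0x07   # 000 = A5/1 ... 110 = A5/7, 111 reserved
    return "A5/reserved" if algo == 7 else f"A5/{algo + 1}"


def audit(frames, minimum_ok=frozenset({"A5/3", "A5/4"})):
    """Return (index, cipher, verdict) for every ciphering command seen.

    minimum_ok is an assumed local policy, not something the entry specifies.
    """
    findings = []
    for i, frame in enumerate(frames):
        cipher = cipher_from_l3(frame)
        if cipher is None:
            continue               # not a Ciphering Mode Command
        if cipher in WEAK:
            verdict = "ALERT"
        elif cipher in minimum_ok:
            verdict = "ok"
        else:
            verdict = "review"
        findings.append((i, cipher, verdict))
    return findings


# Constructed sample messages (hex), not captured traffic.
SAMPLE = [bytes.fromhex(h) for h in (
    "063505",  # SC=1, algorithm 010 -> A5/3
    "063f00",  # different RR message type: ignored
    "063501",  # SC=1, algorithm 000 -> A5/1
    "063500",  # SC=0 -> A5/0 (no ciphering)
    "063513",  # cipher response bit set, algorithm 001 -> A5/2
)]

if __name__ == "__main__":
    for idx, cipher, verdict in audit(SAMPLE):
        print(f"frame {idx}: {cipher} {verdict}")
```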